Intelligence experts say Iranian regime hackers targeted dissidents during online rally

Special The Iranian regime orchestrated a massive social-media campaign in an attempt to disrupt and discredit an online conference of dissidents, according to a report published on Friday. (Supplied/NCRI)
The Iranian regime orchestrated a massive social-media campaign in an attempt to disrupt and discredit an online conference of dissidents, according to a report published on Friday. (Supplied/NCRI)
Short Url
Updated 12 December 2020
Follow

Intelligence experts say Iranian regime hackers targeted dissidents during online rally

The Iranian regime orchestrated a massive social-media campaign in an attempt to disrupt and discredit an online conference of dissidents, according to a report published on Friday. (Supplied/NCRI)
  • Campaign by Revolutionary Guards and Ministry of Intelligence and Security included thousands of fake social media accounts

CHICAGO: The Iranian regime orchestrated a massive social-media campaign in an attempt to disrupt and discredit an online conference of dissidents, according to a report published on Friday.

The July 17 event, thought to be the largest of its kind, called on the US, UN and EU to impose tougher sanctions on Tehran. It was organized by opposition groups the People’s Mojahedin Organization of Iran (PMOI/MEK) and the National Council of Resistance of Iran.

The participants included more than 1,000 politicians and government officials, including heads of state and foreign ministers. Prominent US political figures included former New York Mayor Rudy Giuliani, and US Senator Joseph Lieberman.

The report was compiled by Treadstone 71, a cyber and threat intelligence consultancy. It said that hackers known as Basij Cyber Units (BCU), a paramilitary wing of the Islamic Revolutionary Guard Corps (IRGC) and Iran’s Ministry of Intelligence and Security (MOIS), aimed to “drown out” the voices on social media calling for regime change in Iran by creating thousands of fake accounts.

Experts at the company, which specializes in monitoring Iranian cyber and influence operations and researches hacker groups, said that during the conference they spotted “highly unusual spikes in social-media activity that, at first glance, seemed random.”

Analysis showed “that at least 35 to 45 percent of accounts participated in this campaign from inside Iran, non-inclusive of the likely Iranian participants using VPNs (virtual private networks) and proxies.” VPNs and proxies are commonly used to disguise a user’s geographic location.

The report continued: “The Revolutionary Guards Cyber Unit (RGCU) led the well-organized influence operations. According to the data, nearly 46 percent of accounts engaged in the campaign were fake and spam accounts.”

The authors stated that 26,431 social-media accounts were used in the campaign, of which 11,294 were fake or “low-follower” accounts that had been newly created or were previously dormant.




The July 17 event, thought to be the largest of its kind, called on the US, UN and EU to impose tougher sanctions on Tehran. It was organized by opposition groups the People’s Mojahedin Organization of Iran (PMOI/MEK) and the National Council of Resistance of Iran. (Supplied/NCRI)

“The RGCU enrolled 1,622 Twitter accounts in June and July, within one month of the online conference,” according to the report. Immediately after the conference, 3,453 of the accounts were deleted and 1,168 became inactive. The campaign also used “bots,” automated programs that can automatically search the internet for specific data.

The BCU is known to have created hundreds of thousands of fake Twitter accounts, hacked social-media accounts, disrupted and vandalized websites, and stolen information from anti-regime activists.

PMOI/MEK spokesman Shahin Gobadi, who is based in Paris, said the report is proof that Iran’s leaders fear the organization and shows why the regime must be sanctioned.

“Since its inception, Iran’s clerical regime has been engaged in a massive demonization and disinformation campaign against its opponents, particularly the main resistance group: the People’s Mojahedin Organization of Iran, the MEK,” he said.

“The demonization campaign has been part and parcel of its terror machine inside and outside of Iran. As such, the mullahs have devoted massive amounts of resources and manpower to the dissemination of lies and slander against the MEK in the cybersphere over the years.”

Gobadi said the report confirms what the world already knows: “The main source of lies and allegations against the MEK is the clerical regime — and specifically the MOIS and the IRGC, both of which have elaborate sections devoted to cyber activities.”

The dissident conference prompted condemnations of the brutality of the Iranian regime and its acts of terrorism. The speakers included human rights activists Ingrid Betancourt and Linda Chavez, along with representatives from the European, German, French and Italian parliaments.